Client-side SSL Connection

This allows a user to pass a cert and a key to use in HTTPS connections. The flags --cert-file and --key-file are added to the CLI. Addiionally, update the debug curl logging to print --cacert and -k when ca_file and insecure are set. Related to bp glance-client-parity. Change-Id: Ibaea51419a903afb7939a6b5b848f7a6667893bf
2012-08-02 15:30:50 -07:00 · 2012-08-02 15:30:50 -07:00 · 227d166109
commit 227d166109
parent ff34cfc50f
2 changed files with 30 additions and 0 deletions
--- a/glanceclient/common/http.py
+++ b/glanceclient/common/http.py
@ -51,6 +51,8 @@ class HTTPClient(object):
        if parts.scheme == 'https':
            _class = VerifiedHTTPSConnection
            _kwargs['ca_file'] = kwargs.get('ca_file', None)
+            _kwargs['cert_file'] = kwargs.get('cert_file', None)
+            _kwargs['key_file'] = kwargs.get('key_file', None)
            _kwargs['insecure'] = kwargs.get('insecure', False)
        elif parts.scheme == 'http':
            _class = httplib.HTTPConnection
@ -71,6 +73,19 @@ class HTTPClient(object):
            header = '-H \'%s: %s\'' % (key, value)
            curl.append(header)

+        conn_params_fmt = [
+            ('key_file', '--key %s'),
+            ('cert_file', '--cert %s'),
+            ('ca_file', '--cacert %s'),
+        ]
+        for (key, fmt) in conn_params_fmt:
+            value = self.connection_params[2].get(key)
+            if value:
+                curl.append(fmt % value)
+
+        if self.connection_params[2].get('insecure'):
+            curl.append('-k')
+
        if 'body' in kwargs:
            curl.append('-d \'%s\'' % kwargs['body'])

@ -189,6 +204,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
        else:
            kwargs = {'cert_reqs': ssl.CERT_REQUIRED, 'ca_certs': self.ca_file}

+        if self.cert_file:
+            kwargs['certfile'] = self.cert_file
+            if self.key_file:
+                kwargs['keyfile'] = self.key_file
+
        self.sock = ssl.wrap_socket(sock, **kwargs)


--- a/glanceclient/shell.py
+++ b/glanceclient/shell.py
@ -64,6 +64,14 @@ class OpenStackImagesShell(object):
                 "not be verified against any certificate authorities. "
                 "This option should be used with caution.")

+        parser.add_argument('--cert-file',
+            help='Path of certificate file to use in SSL connection. This '
+                 'file can optionally be prepended with the private key.')
+
+        parser.add_argument('--key-file',
+            help='Path of client key to use in SSL connection. This option is '
+                 'not necessary if your key is prepended to your cert file.')
+
        parser.add_argument('--ca-file',
            help='Path of CA SSL certificate(s) used to sign the remote '
                 'server\'s certificate.')
@ -384,6 +392,8 @@ class OpenStackImagesShell(object):
            'insecure': args.insecure,
            'timeout': args.timeout,
            'ca_file': args.ca_file,
+            'cert_file': args.cert_file,
+            'key_file': args.key_file,
        }

        client = glanceclient.Client(api_version, endpoint, **kwargs)